# Archive

Browse past daily curated stories

Sunday, March 01, 2026

  1. BleepingComputer general
    $4.8M in crypto stolen after Korean tax agency exposes wallet seed

    South Korea's National Tax Service accidentally exposed a cryptocurrency wallet's mnemonic recovery phrase in an official press release, allowing hackers to steal 6.4 billion won ($4.8 million) worth of cryptocurrency from the seized wallet. This demonstrates how government agencies handling crypto assets can become high-value targets when operational security fails.

  2. SecurityWeek general
    Canadian Tire Data Breach Impacts 38 Million Accounts

    Canadian Tire suffered a data breach affecting 38 million customer accounts, exposing names, addresses, email addresses, phone numbers, and encrypted passwords. The massive scale makes this one of the largest retail breaches in recent history, highlighting the extensive personal data collected by major retailers.

  3. Krebs on Security threat-intel
    Who is the Kimwolf Botmaster “Dort”?

    KrebsOnSecurity investigates the identity of "Dort," the operator of the Kimwolf botnet, described as the world's largest and most disruptive botnet. Following disclosure of vulnerabilities used to build the botnet in January 2026, Dort has launched DDoS attacks, doxxing campaigns, and even caused a SWAT team to be sent to a security researcher's home.

  4. The Hacker News general
    Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

    Truffle Security discovered nearly 3,000 Google Cloud API keys (prefixed with "AIza") embedded in client-side code that could be abused to authenticate to Gemini AI endpoints and access private data. The keys, originally meant as project identifiers for billing, gained unauthorized access to sensitive AI services when Gemini APIs were enabled.

  5. BleepingComputer general
    QuickLens Chrome extension steals crypto, shows ClickFix attack

    The Chrome extension "QuickLens - Search Screen with Google Lens" was removed from the Chrome Web Store after being compromised to push malware targeting cryptocurrency theft from thousands of users. The incident demonstrates a ClickFix attack vector where legitimate browser extensions are weaponized to deliver malicious payloads.

  6. The Hacker News general
    ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

    OpenClaw fixed a high-severity vulnerability dubbed "ClawJacked" that allowed malicious websites to connect to locally running AI agents via WebSocket and hijack control. The flaw affected the core OpenClaw gateway system without requiring any plugins or extensions, demonstrating risks in local AI agent architectures.

  7. SecurityWeek general
    900 Sangoma FreePBX Instances Infected With Web Shells

    Attackers infected 900 Sangoma FreePBX instances with web shells by exploiting a post-authentication command injection vulnerability in the endpoint manager's interface. The widespread compromise of these business phone system servers creates persistent backdoor access for attackers in corporate networks.

  8. The Hacker News general
    ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

    North Korean threat actor ScarCruft deployed new malware tools including a backdoor using Zoho WorkDrive for command-and-control communications and USB-based implants to breach air-gapped networks. The Ruby Jumper campaign demonstrates advanced techniques for crossing network segmentation boundaries through removable media.

  9. SecurityWeek general
    Juniper Networks PTX Routers Affected by Critical Vulnerability

    Juniper Networks released an out-of-band security update for Junos OS Evolved to patch CVE-2026-21902, a critical remote code execution vulnerability affecting PTX routers. The emergency nature of the patch suggests significant impact potential for enterprise and service provider networks using these high-end routing platforms.

  10. The Hacker News general
    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

    Researchers discovered a malicious Go module at github[.]com/xinfeisoft/crypto that impersonates the legitimate golang.org/x/crypto codebase while injecting code to harvest terminal passwords, create SSH persistence, and deploy the Rekoobe Linux backdoor. The supply chain attack targets developers using the popular Go programming language's cryptographic libraries.